Home/Blog/CBDC Objectives and Design

CBDC Objectives and Design

Read time: 28 minutesMarch 7 2022
CBDC Objectives and Design


  • CBDCs are digital representations of government currencies and are often described as digital banknotes, as they are a claim that people have on the central bank.
  • Some of the advantages of CBDCs include: increasing speed and efficiency in transaction processing and payment settlement; facilitating fiscal transfers; increasing privacy; and allowing offline payments.
  • Some of the drawbacks of CBDCs include: difficult trade-off between privacy, anonymity and financial integrity; risk of currency substitution; and the impacts on the central bank’s balance sheet following CBDC demand from foreign jurisdictions.
  • There are currently a number of significant questions that are being actively considered, such as:
    • How should the CBDC architecture be designed?
    • Should ledger updates be carried out through a centralized authority or Distributed Ledger Technology?
    • Should access be granted through accounts tied to an identity (account-based access), or by demonstrating possession of a private key that corresponds to a public key (token-based access)?
    • Should CBDCs bear interest?


What are CBDCs?
Objectives of CBDCs
CBDC Design
   Ledger Updates
   Interoperability (assuming the use of DLT)
   Should CBDCs Bear Interest?
   Additional Considerations
Examples of CBDC Projects

The content follows a natural progression, but can also be read in segments and out of order, and is meant to be revisited over time.

A new area of digital finance is forthcoming, with CBDCs being an integral part of it and promising to grow significantly in the coming years. This topic has become highly debated worldwide, which is why we’ll dive into it.

What are CBDCs?

CBDCs are digital representations of government currencies, thus they have a legal tender status. They are often described as digital banknotes, as they are a claim that people have on the central bank (CB). This means that in the CB balance sheet they appear as liabilities, because they represent the currency in circulation.

CBDCs (and cash) differ from commercial banks’ money in that they are not subject to bankruptcy of the private sector and so are free from counterparty credit risk, which provides a higher level of financial security. CBs have historically only served commercial banks, so CBDCs would be the first government backed, and thus safest, digital asset available to the general public. They support offline payments and programmable features typical of cryptocurrencies, but they meet the three functions of money.

Comparison of the functionalities of three forms of currency.

Comparison of the functionalities of three forms of currency.

CBDCs can be based on permissioned blockchains or on traditional centralized systems. This highlights the difference between CBDCs and cryptocurrencies; the former rely on third parties such as CBs and commercial banks, the latter is a truly decentralized peer-to-peer system. CBDCs are not meant to substitute any other means of payment but complement those to build a varied payment system.

2 forms of CBDCs exist:

  1. Retail:
  • Provide individuals and enterprises with the most advanced payment methods for daily transactions
  • Can be operated by both the CB and the private sector
  1. Wholesale:
  • Issued to institutions such as commercial banks for interbank payments and cross-border large-value settlements
  • Operated by the CB

Objectives of CBDCs

There is no unified objective for CBDCs, as each country is different and aims to tackle various problems with the issuance of a digital sovereign currency. CBs often mention their commitment to providing public goods to their citizens, but other motives have been identified, as detailed below.


  • Increasing speed and efficiency in transaction processing and payment settlement, as well as the overall resilience and performance of payment infrastructures. According to a survey carried out by BIS, payment safety and efficiency rank first in the motives for issuing CBDCs.
  • Strengthening the international position of their currencies by increasing currency distribution (financial sovereignty).
  • Facilitating fiscal transfers (e.g., allow real time aid to be distributed to the public in times of financial distress or automate tax collection). In terms of privacy, this could require users to share their CBDCs’ addresses with public authorities. A solution could be that of interoperating with a digital identity system for the scope of fiscal transfers.
  • Providing basic financial services without needing to open a bank account. This helps to fight financial exclusion, exacerbated by the decline of cash usage. Considering that digital inclusion is tightly connected with financial inclusion, alternative devices could be used instead of software wallets on smartphones. Examples include hardware wallets such as smart debit cards and Internet of Things (IoT) devices. Importantly, this needs to be combined with incentives given to the private sector to provide services to unserved individuals.
  • Allowing for an easier implementation of financial stability and monetary policies (e.g., increasing/ decreasing money supply by controlling interest rates, assuming interest-bearing CBDCs). However, this is also identified as a potential risk, because inflation could follow an increase in money supply that exceeds GDP growth.
  • Boosting competition in retail payments (by reducing costs to consumers and merchants and improving users’ experiences) and diversifying means of payment.
  • Fostering innovation, satisfying the public demand for digital and seamless payment methods and addressing the limitations of the current payment infrastructure. E.g., introducing CBDCs mitigates principal risk by supporting delivery-versus-payment and payment-vs-payment functionalities.
  • Eliminating the need for correspondent banking arrangements and facilitating international payments that have the same properties as domestic ones, namely being real-time, transparent and cost-efficient. To give an example, a report published by JPMorgan Chase and Oliver Wyman consultancy finds that multinationals pay about \$120 billion annually to complete \$23.5 trillion in cross-border transactions. This shows why the G20 has recently established a roadmap to improve cross-border payments.
  • Allowing offline payments. E.g., China’s digital RMB wallet supports transactions via a Bluetooth connection instead of WiFi.
  • Providing a higher level of privacy compared to commercial money, but lower level of privacy compared to cash.
  • Providing continued access to CB money, considering that cash usage is decreasing around the globe, and strengthening the role of CBs. In jurisdictions where it is too expensive to produce banknotes or fraud levels are very high, CBDCs could be an opportunity to issue CB’s money.
  • Supporting the digital economy, by allowing settlement in tokenized digital securities.


  • Commercial banks are worried about the implications of CBDC’s introduction for lending, fearing that customers' deposits move from banks to digital wallets (bank disintermediation). CBs are working on these concerns, but in broad terms it has been proven that if commercial banks hold enough excess reserves and collateral to obtain additional funding from CBs, it is possible to avoid disintermediation without increasing funding costs. Also, note that private sector developments such as stable coins may lead to similar deposit substitution risks.
  • Creation of financial instability, especially during crises due to bank runs. This is exacerbated by the possibility to move funds into a foreign CBDC seamlessly (cross-border bank runs).
  • Difficult trade-off between privacy, anonymity and financial integrity.
  • Increased reputational risk for CBs.
  • Technological, regulatory and compliance issues arise.
  • Risk of currency substitution.
  • Effects on monetary policy.
  • Impact on the CB’s balance sheet following CBDC demand from foreign jurisdictions.

CBDC design

The following steps should be considered in order when deciding the CBDC design to be implemented:


It refers to the extent to which the private sector is involved and partners with CBs, and if this happens at all, defining which actors have access to what information.

Indeed, CBDCs can be issued directly by a central bank, or the latter can collaborate with financial service providers to join forces and unite the expertise typical of the public sector (monetary policy) with that of the private one (know-your-customer procedures, payment and customer services).

The 2 main models being considered are:

  1. One-tier retail system: CBDCs are solely operated by CBs, which distribute CBDCs to the public and manage their accounts. This is appropriate in jurisdictions lacking adequate private payment provision to the public.

This model is referred to as Direct because the CB issues, circulates and maintains record keeping of balances and transactions directly. The advantage is that being built independently of the existing payment infrastructure provides resilience to the system, that would remain active even when others fail.

Under this model, the CBDC could be programmed to allow only certain transactions, while forbidding others (e.g., gambling payments or alcohol purchases).

  1. Two-tier retail system: some roles are carried out by CBs and some others by the private sector, that is experienced in interfacing with customers.

CBs distribute CBDCs via regulated intermediaries (payment service providers - PSPs), a popular route around the world. The more diverse the private intermediaries are, the more competition is created, and thus better options are proposed to users. However, a higher level of coordination is required to define responsibilities and accountability, and the cost of oversight would increase following a more complex system structure.

3 access models fall under this category:

  1. Hybrid: the claim is held against the CB, but system operations are outsourced to the private sector. This means that CBDC is not a liability of the payment service provider and thus it is not present on its balance sheet. It follows that bankruptcy of intermediaries does not affect the balance of CBDC. Whether the private sector should use a proprietary or non-proprietary protocol varies among jurisdictions.
  2. Intermediated CBDC: same as hybrid but the CB maintains a copy of retail, wholesale, or both, CBDC holdings, varying among jurisdictions to meet privacy and security objectives. This allows portability in bulk to restore operations in the event of a PSP’s failure.
  3. Indirect or Synthetic CBDC: the claim is on the intermediaries, which are required to 100% back CBDC holdings with reserves at the CB.

In both cases (one- and two-tier systems) the CB holds the responsibility to provide all economic agents with CBDCs, meaning that in places not covered by PSPs, the CB would have to appoint agent networks such as post offices to include customers in those regions.

Ledger updates

Should ledger updates be carried out through a centralized authority or a DLT (Distributed Ledger Technology)?

Peerapong Thonnagith, Assistant Director & Technical Lead of the Digital Currency Team at the Bank of Thailand, explains that if interoperability between CBDCs and other assets is desired, the DLT has more potential because it leverages smart contracts. On the contrary, if privacy matters for the parties involved in a transfer, relying on a centralized authority would be better, considering that DLT fosters transparency by design. Also, if leveraging offline capabilities is the norm for interacting, then he personally believes that the centralized version is more suited, although it does not have an absolute advantage.

Moreover, DLT presents limitations in terms of performance and scalability to handle large retail transaction volumes (although this issue could be addressed soon e.g., using parallelized chains), but it offers greater security and resilience thanks to the use of cryptography and from deploying multiple validating nodes. It also fosters innovation thanks to programmability (complex functionalities such as invoice tokenization and programmable money are achievable using smart contracts).

Jonathan Dharmapalan, CEO of eCurrency, adds that a DLT is insufficient for managing a bearer instrument, explaining that it has drawbacks at the security layer associated with asymmetric keys, as they are prone to quantum computing attacks. The use of the Digital Symmetric Core Currency Cryptography (DSC3) is required to protect the currency instrument itself (the core of the currency) and operationalize CBDCs. If this is done, a DLN (Distributed Ledger Network) is per se not needed to distribute the currency. Similarly, Geoffrey Goodell, Lecturer at the University College London, says that a DLT is not used to ensure integrity of a bearer instrument, but it is needed to avoid a single point of failure and to ensure that the parties that manage transactions are not going to misbehave.


The options being considered are whether to implement access through accounts tied to an identity (account-based access), or by demonstrating possession of a private key that corresponds to a public key (token-based access). The former is considered posing the biggest risks to both personal and economic freedom, the latter causes risks to keys management. This decision affects anonymity & privacy, that will be explained below.

Account-based access:

It refers to accounts held at the CB or another centralized authority, which needs to have access to both account-holders' information and transactions data because CBDCs are a liability of CBs. As a consequence, governments might have access to such data, which would introduce new human rights threats to consumers.

In a one-tier model, the CB holds accounts directly, so these risks are at their highest in this scenario. User interface applications can be linked to the CB directly, or to the PSP’s systems.

In a two-tier model, design choices and different levels of decentralization can minimize the above-mentioned issues:

  • Each PSP could manage its users’ accounts without providing any personal information to the CB (Hybrid architecture), which runs omnibus accounts for PSPs. The CB provides messaging protocols and PSPs provide user interface applications.
  • PSPs could manage users’ accounts and periodically send a copy of transactions to CBs (Intermediated architecture), which in turn manages PSP’s accounts. When doing so, they could use virtual identifiers instead of consumers’ real names. PSPs provide interface and back-end settlement.

In both cases, user interface applications access the PSP’s systems and the PSP’s back-end systems communicate with the CB system.

For the scope of AML/CTF compliance, account holders’ identities are checked when the accounts are opened.

Token-based access:

A CBDC is issued in the form of a digital token on DLTs that works by transferring ownership in the system, without needing to reconcile databases.

The Future Infrastructure for Retail Remittances (FIRE) project by everis, a consultancy that is part of the NTT DATA Group, the British Standards Institution (BSI), Bank of England (BoE), University College London (UCL), and the University of Edinburgh, focuses on developing a cash-like payment mechanism for the digital world, not because they wish to substitute cash with CBDCs, but because they are aware that cash is a disappearing payment option (consumers increasingly use digital payments) and that its infrastructure carries high fixed costs.

The key point of token-based access is avoiding the risk of profiling (knowing how consumers spend their money and collecting data to build a transaction history), while allowing AML/KYC procedures. To do so, it is necessary to decouple users’ identities from their transactions, thus breaking the link between the identity of a sender and the recipient, the size of a transaction, the metadata, and other transactions carried out by the same sender. To achieve this goal, the use of a bearer instrument (token) is crucial, together with the use of a non-custodial wallet. A non-custodial wallet enables users to manage public and private keys autonomously and ensures that assets are under the users’ possession, instead of having a gatekeeper holding them on their behalf.

The key characteristic of a non-custodial wallet is not being identifiable which, as explained by UCL Professor Goeffrey Goodell in the presentation he gave at the International Telecommunication Union (ITU) on 25 January 2022, in turn means that it:

  • Must not be issued by a central authority (such as in the proposal for a trusted and secure European e-ID)
  • Must not require registration, to avoid linking users’ identities and their transactions
  • Must not require trusted computing to work, to avoid involving a trusted third party

Privacy Enhancing Technologies (PETs) can help build a system that is private by design for consumers. The FIRE project proposes the use of blind signatures, as Zero-Knowledge Proofs are considered heavy weight and could impact the system performance. They also suggest employing a two-tiered model, whereby the private sector runs the system, and the CB oversees operations.

The system would work as follows:

  • The user provides a central issuer (such as the CB) with a block of data that she/he created and asks the central issuer for a blind signature. The signature has the purpose of validating the asset as legal tender. A part from sending the asset created, users also send a payment to the central issuer (of the same value of the CBDC requested)
  • The central issuer responds with a blind signature on a template credential, which the user transforms into a valid signature on a new block of data. Note that to avoid linking the user’s request for CBDCs with activities that he/she will subsequently carry out (timing attacks), it is important to ensure that there is a sufficiently large anonymity set. Some examples of ways to do so are encouraging consumers to withdraw CBDCs in fixed-seized lots; incentivising users to use slow relays by default; using relays that have different frequencies; encouraging slow transaction settlement.
  • Whenever the user wishes to spend CBDCs, she/he provides instructions to a merchant and, subsequently to a relay system sending proof to the merchant of the fact that the digital currency has been transferred successfully (proof of provenance - POP), the consumer can receive goods or services.

Illustration of a potential CBDC architecture

Illustration of a potential CBDC architecture.

This system allows clearing and settlement by the private sector, preserving the existing two-tiered model, and it protects users from profiling through privacy by design. Indeed, regulators know only one of the parties to each transaction, usually the recipient, while the sender remains anonymous. However, in order for the sender to remain anonymous, she/he must create the asset herself/himself (like in the procedure described above). Indeed, private actors cannot exchange value between private wallets (chained transactions) if transactions are not subject to control at the interface with payment service providers. Hence, holders of payer and payee accounts are known but using the non-custodial wallet prevents regulators from seeing that money has flowed between them.

Interoperability (assuming the use of a DLT)

Interoperability of CBDC is intended with both the existing payment instruments and their infrastructure (legacy systems), and other CBDC belonging to foreign jurisdictions (cross-border transactions).

Legacy systems:

To foster interoperability with existing legacy systems, oracles could be employed to push and verify off-chain data to the blockchain.

Cross-border transactions:

Following an analysis of interoperability techniques used in cryptocurrencies where sidechains (relay, centralized and federated two-way pegs), hash time locked contracts, blockchain of blockchain, and hybrid connectors (trusted relay, blockchain agnostic protocol, blockchain migrator) were compared, it can be argued that the best technique to foster interoperability between heterogeneous CBDC is using trusted DLT-relays with decentralized escrow parties.

Moreover, the literature produced by CBs highlights that there are different degrees of interoperability among CBDC’s blockchains:

  • A multi-ledger implementation (mCBDC) based on compatible systems

It leads to the alignment of legal and regulatory regimes, thanks to compatible technical and encryption standards.

  • A multi-ledger implementation (mCBDC) based on interlinked systems

A common technical interface or a common clearing mechanism are used.

  • A single multi-currency (single mCBDC)

Several currencies run on the same ledger, thus using the same rulebook and governance arrangements.

Should CBDCs bear interest?

This decision is strictly related to monetary policy objectives of each CB and the role that CBDCs have in each jurisdiction (digital cash or alternative to deposits). For instance, a negative interest on CBDCs accounts would stimulate spending, as users would have to pay the CB for holding their CBDC.

Most CBs are planning to issue their CBDC with no interest at first, and later on decide on the best course of action.

Additional considerations

Anonymity & Privacy

Defining the difference between anonymity and privacy is crucial to solve the payment privacy paradox in retail CBDCs (whereby users require privacy but also wish to maintain compliance with AML/CFT regulations).

Anonymity is unconditional and, in computer science, it refers to pseudonymity together with un-linkability. The former is a middle ground between using a real name and using no name at all to initiate transactions, the latter refers to the unfeasibility to tie different transactions to one another, blocking any pattern of behaviour from emerging over time (Narayanan et al., 2016).

Privacy is often confused with transaction confidentiality, which is considered conditional because the link is hidden by a third party, and it is not disclosed unless there are reasons to believe that the law has been broken. Instead, privacy prevents individuals from revealing personal information in the first place.

It is argued that central banks are better positioned than other financial services intermediaries to ensure privacy, due to a lack of profit motive to exploit data. They say they would use it for macro-economic policy related analysis or to maintain a CBDC system backup (recall the intermediated architecture explained above). On the contrary, such data could be used by the private sector to study users’ preferences and build tailored products for them, which is why it is argued that a too elevated level of privacy would hinder private sector innovation.

Trilemma of privacy, anonymity and financial integrity

The design of CBDCs has implications for the trade-off between privacy, anonymity and financial integrity. This is probably the most debated aspect of CBDCs because important factors such as legal & human rights, and compliance with AML/CTF need to be considered.

As explained above, transaction confidentiality or data protection can be ensured when transactions are not anonymous by leveraging a two-tier architecture. Indeed, PSPs can be legally forbidden to share any personal details of their users, unless in specific circumstances, as required by the law. This could be done by storing pseudonyms in the core ledger, that can be linked to identities only by PSPs. However, trust in the incorruptibility of the institutions involved is a prerequisite for this system to work.

The argument of people wishing for anonymity to be a design feature is (often) to achieve the level of privacy that we already have in traditional banking. However, this is true only for cash, as transactions carried out with commercial bank money are tied to our identity, and the intermediaries charged with KYC procedures and other regulatory requirements have access to such information. In fact, the governor of the People’s Bank of China (PBoC) explains that, to find a balance between privacy protection and crime prevention, the PBoC will only collect the minimum required amount of personal information, making CBDCs more private than commercial banks’ money in use today. Note that the comparison here is made between commercial money and CBDCs, rather than between cash and CBDCs. Indeed, wishing that CBDCs had the anonymity that characterizes cash can be considered a category error, as things with different underlying characteristics are being compared (this is not to say that CBDCs and deposit money present the same features; in fact, they are fundamentally different due to the claim they represent, the former on CBs and the latter on intermediaries, but it is a better comparison in the context of privacy). Similarly, the Fed writes that programmable money is a new product category that can be used to complement existing money products (Lee, 2022).

Moreover, concerns have been raised about the motives of central banks/governments curiosity to explore CBDCs – mainly rooted in privacy, surveillance, and centralization of control (Chandler, 2022). For instance, consumers' data could be used to identify members of certain political parties, religious and social groups, rebellious and any other individual considered a threat to the state. Also, governments could limit consumers’ spending to what they deem appropriate, thanks to programmability.

Regarding programmability, China has been criticized for developing a digital yuan that is programmable in the sense that they can set deadlines on its spending, a kind of behaviour that, is argued, could be embraced by not-liberal countries. However, the Bank of Canada finds that adding an “expiry date” to offline CBDCs encourages user adoption because unspent offline balances are reimbursed after the deadline has expired. Similarly, the BIS refers to actions such as limiting CBDC holdings or transactions, having different access criteria for diverse levels of users' identification, and making certain choices about CBDC remuneration, as safeguards that could be built into CBDCs to address financial stability risks. However, they anticipate potential obstacles to public understanding and thus acceptance, which could explain the attacks on China on this front.

Further, the argument of people that consider privacy a better option is to safeguard financial integrity and disincentivise criminal activities. A very extreme example is provided by David Birch’s in his book Before Babylon, beyond bitcoin where he hypothesizes that a public ledger could record bets that people make on when hated public figures will die, allowing the winner to collect a quantity of untraceable digital money that varies based on how much the person in question is hated by the public. In other words, an anonymous digital currency would make it easier for criminals to make and receive payments, in turn supporting their wrongdoings, by allowing them to move capital around.

Both arguments have value, and at the end of the day design choices depend on the specific objectives set by the CB and on the issues that each jurisdiction wishes to tackle. Thus, depending on whether CBDCs are thought of as a substitute for cash or as a new means of payment to complement the ones already in existence, anonymity and privacy will play different roles and one will be preferred over the other. There is no one size fits all. Importantly, these decisions should be taken on the basis of their underlying principles, rather than technology. In simple terms this means that governments should not require users’ identification just because the technologies available today allow them to.

China’s proposal: Managed Anonymity

Different digital wallets are offered to users, depending on the strength of personal information identification they provide.

Digital yuan wallets have multiple tiers; the small tier only requires a phone number to initiate transactions while, to transact larger values, conventional proof of identity is needed. This ensures anonymity in small value payments (approximately \$300), and traceability in larger value ones.

Following the introduction of the Personal Information Protection Law (effective since November the 1st 2021), in case illegal activities were suspected, a legal warrant would have to be presented to uncover the identity of the suspect, as telecom companies are forbidden from releasing any personal information to anyone, including the CB and government.

The Director General of China’s central bank Digital Currency Research Institute rejects the accusation that CBDC is a tool to monitor payments, explaining that China is already able to do that through other means of payment. Indeed, since 2018 barcode and online payments via WeChat Pay and Alipay wallets, which require identification at onboarding, must be cleared via, respectively, UnionPay, the Chinese state-owned card issuer, and NetsUnion Clearing, set up by the People’s Bank of China.

This shows that eCNY (electronic Chinese Yuan) collects a smaller amount of information compared to other electronic means of payment. Moreover, privacy is fostered by the sub wallet function, which allows a main wallet holder to open multiple sub-wallets that have a separate identity attached to them, to make it harder for tech firms to identify spending patterns among sub-wallets.

Examples of CBDC projects

The Digital Currency and Electronic Payment (DC/EP) Project (digital Yuan):


  • Digital Currency Institute of the PBC


  • The project started in 2017, with phase 1 of the project beginning in September 2019


  • Build an open, inclusive, interoperable, innovative (e.g., it supports offline payments) currency system for the digital economy.
  • Enhance cross-border transfers and build a multi-currency cross-border network


  • It is the most advanced CBDC project.
  • It follows an Intermediated model, as the CB periodically stores a copy of retail holdings and transactions.
  • The infrastructure comprises both a conventional centralized database and a DLT, hence the private sector can select its preferred option.
  • Access is allowed using a value-based, semi-account-based and account-based hybrid payment instrument. Diverse levels of users' wallets exist, based on the strength of identity verification that users decide to provide. The more information provided, the higher users’ balances and transaction limits.
  • The focus is on domestic retail transactions.
  • Retail and wholesale linkages allow foreign visitors to use DC/EP in China using a foreign telephone number, as they are connected to existing retail and wholesale systems.

Extra info:

  • e-CNY pilot app is compatible with interfaces offered by nine domestic commercial banks, including Alipay and We Chat.
  • Alipay and We Chat have a symbiotic relationship with e-CNY: the former are 360-degree lifestyle platforms, the latter is a wallet with basic functionalities. The CB needs them to become popular and gain users, while the introduction of e-CNY will result in a lot more digital money flowing through their apps.
  • We Chat and Alipay are not competitors of e-CNY, but partners. Indeed, it is unlikely that merchants will switch to e-CNY if they rely on e-commerce for their activities, for which the We Chat and Alipay generate various analytics.
  • e-CNY pilot app is being tested by users in the 2022 Beijing Winter Olympics venues, where foreign visitors are invited to use it for the first time, as well as in 10 other major cities, where it is being welcomed with enthusiasm. In fact, the People’s Bank of China refused to commit to a full national rollout, and it is gradually expanding its pilot program.

The e-Krona Project:


  • Sweden’s central bank Sveriges Riksbank


  • E-Krona project started in 2017
  • Proof-of-concept: February 2020


  • Keep up with the digitalization of its economy, that is witnessing the fastest decline of cash usage worldwide.


  • The chosen architecture is Hybrid. In addition, the CB must provide a contingency plan if one or more intermediaries fail.
  • The proof-of-concept uses a DLT, based on R3’s Corda. However, researchers are considering both conventional and DLT technologies.
  • Access is possible through both accounts and tokens. The former is required for larger payments, the latter for smaller ones that can remain anonymous. It is likely that CBDC payment cards will be produced to allow access to users without a smartphone and to support offline payments.
  • Even if account-based access is implemented, the CB does not receive any information on the account holders, but only information regarding account balances and transactions.
  • The focus is domestic, retail use by foreign visitors is only possible through pre-paid cards that allow for small value purchases.
  • E-krona connects to existing wholesale systems to enable cross-border payments.

Project m-CBDC Bridge. Started off as project Inthanon-LionRock, which comprised 2 phases. Phase 3 was renamed into m-CBDC Bridge.


  • Hong Kong Monetary Authority (HMA) and the Bank of Thailand (BoT). BIS Innovation Hub Hong Kong Centre, the People's Bank of China (PBoC) and the Central Bank of the United Arab Emirates (CBUAE) joined the project in phase 3, in February 2021


  • May 2019


  • Facilitate real-time cross-border foreign exchange payment-versus-payment transactions in multiple jurisdictions, 24/7, using a common platform.
  • Phase 3 focuses on design choices, technology trade-offs, and a roadmap to move from a prototype to an open-source system.

Project Aurum


  • BIS Innovation Hub and Honk Kong Monetary Authority (HKMA)


  • March 2021


  • Study two-tier system architectures for a retail CBDC, namely hybrid CBDC and Indirect/Synthetic.

Project Jura, part of a series of CBDC experiments announced by the Bank of France in July 2020


  • Banque de France (BdF), the Bank for International Settlements (BIS) and the Swiss National Bank (SNB), in collaboration with firms from the private sector consortium (Accenture, Credit Suisse, Natixis, R3, SIX Digital Exchange and UBS).


  • 10 June 2021


  • the experiment explores the exchange of a French financial instrument against a euro wCBDC (wholesale CBDC) using a delivery versus payment (DvP) settlement mechanism, and the exchange of a euro wCBDC against a Swiss franc wCBDC using a payment versus payment (PvP) settlement mechanism. The transfer of wCBDC between French and Swiss commercial banks takes place on a single DLT platform operated by a third party.
  • This project continues the work conducted by the Swiss National Bank and the BIS Innovation Hub under Project Helvetia.

Similarly, the BdF, HSBC, and IBM tested multi-ledger CBDC transactions to demonstrate the possibility to interoperate among CBDCs residing on different chains (IBM’s Hyperledger Fabric and R3’s Corda in this case).

Project Dunbar


  • Reserve Bank of Australia (RBA), Central Bank of Malaysia (BNM), Monetary Authority of Singapore (MAS), South African Reserve Bank (SARB), and the BIS Innovation Hub.


  • 2 September 2021


  • improve cross-border payments developing a shared multi-currency CBDC platform that facilitates seamless international settlements on a common platform (single mCBDC).
  • There are two parallel Technical Workstreams: one on Corda (led by R3), and one on Quorum (led by Partior, with support from DBS, JPMorgan and Temasek).
  • Define access, governance, regulations & jurisdictional barriers.


Project Jura - Cross-border settlement using wholesale CBDC (

Press release: Bank for International Settlements Innovation Hub, Swiss National Bank and Bank of France collaborate for experiment in cross-border wCBDC (

Project Dunbar: international settlements using multi-CBDCs (

Two-tier distribution model of retail CBDC (

Calabro_CFO Insights_121416 (

A trusted and secure European e-ID - Regulation | Shaping Europe’s digital future (

DSC3 - Digital Symmetric Core Currency Cryptography

E-krona | Sveriges Riksbank

(1) The Risks to Society of Central Bank Digital Currencies (CBDC) | LinkedIn

Digital Yuan Ready for International Olympic Showcase at Beijing 2022 Games (

WeChat Pay Interoperability is Another Key Breakthrough for Digital Yuan Pilot (

Chinese governor says CBDC must balance privacy and anti-crime measures - Central Banking

Central Bank Digital Currency : Background Technical Note (

20210910_CBDC_report_E_exsum.pdf (

Money and Payments: The U.S. Dollar in the Age of Digital Transformation (

Central bank digital currencies - executive summary (


The Fed - What is programmable money? (

unlocking-120-billion-value-in-cross-border-payments.pdf (

DC³ Conference - From Cryptocurrencies to CBDCs -Opening session: - YouTube

DC³ Conference - From Cryptocurrencies to CBDCs -Central Bank Digital Currency Track - YouTube

CBDC - System design and interoperability (

Multiple CBDC (mCBDC) Bridge (

Book: Cashless, China’s digital currency revolution by Richard Turrin

[2110.13840] A Scalable Architecture for Electronic Payments (

SP-20_0.pdf (

This document was authored by Matilde Faro during her internship.